• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Brand Quest
• The New Manager
• BL Club
• Smartbuy
• Books
• Gallery

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Foreign Exchange

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth
• Events 2007

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

V.V. Krishnan

Protect cyber turf.

As I write this column on the poignant anniversary of 26/11, my thoughts are on how cyberspace has unwittingly facilitated terrorism and how we need to act swiftly so that this medium of communication can be protected against terrorists. There is increasing evidence that terrorists have found Internet communication eminently suitable to disseminate propaganda in their favour as also work out the finer details of a plot that aims at wanton violence against innocent citizens.

To execute the savage attack in Mumbai last year, the perpetrators were known to have employed satellite phones to keep in touch with one another, prior to and while the attack was still in progress. They also received minute-to-minute instructions from those who had masterminded the whole carnage. It is logical to believe that e-mails were also exchanged between them as the conspiracy was being evolved.

The latest report from Italy supports the contention that all remarkable technological advances based on the Net are being exploited by terrorists. In this instance, the Italian Police arrested a father-son duo for transferring money to buy VoIP (Voice over Internet Protocol) connections for use by some terrorists who were possibly behind 26/11.

It is widely known that VoIP communication is difficult to intercept by law enforcement agencies. This is something akin to the problem faced by the police in keeping track of messages that pass through a Blackberry or Skype. It is an entirely different matter that Indian authorities have been commendably sensitive to this gap in national security and have moved to plug it at least partially.

Many limitations

Extraordinary patience as well as ingenuity is required to monitor terrorists in cyberspace. There are several limitations to the task. First is the legal requirement in many countries that the police and intelligence agencies need to arm themselves with a Judicial or Executive order to eavesdrop on telephonic conversations and the Internet traffic. Such permission may not exactly be difficult to obtain, especially in major investigations. But then the process involves delay, which could be crucial and enable terrorist groups to get away before the police move in.

Use of computers with a specific IP number that is tagged on to an individual or an organisation has its own distinct disadvantage. Once a mail is intercepted and is found to carry a suspicious test, an IP number enables swift tracing of the exact machine used. To avert this danger, many miscreants go to a cyber café and pass on a quick message to a collaborator, before speeding away. This is why investigators are often blind after locating the machine and the particular cyber café which had registered it. They are seldom able to locate the exact person who used the machine from which an offending mail had been sent, unless the latter is stupid enough to return to the same café. Modern terrorists and other criminals are not that dumb!

Stolen computers also come in handy to them, and laptop theft has, therefore, become a formidable menace from the security point of view.

Computer savvy terrorists can also take over a computer from a remote location and use it to send a confidential message. You will now understand how difficult a job it is for cyber investigators. Terrorists understand this well, no wonder they use cyberspace with absolute confidence.

Mushrooming site

s Monitoring of cyberspace assumes further importance from the phenomenal rise in the number of Web sites that glorify violent ideology and peddle dangerous information, such as how to make explosives. According to one estimate, there are more than a thousand such sites that carry incendiary material. A major task of law enforcement is to snuff out these in quick time so that young minds do not get swayed by them. Do the police have the time for this? Also, is it worth the effort, because for every site taken off, several new ones spring up at a horrifying speed? This is why keeping track of terrorism on cyberspace is not only burdensome but is frustrating as well.

Cyber terrorism, which targets vital services such as air traffic control and power plants, is a distinct possibility, although it still remains a theory. A few major power outages spread over vast areas that occurred in the US a few years ago were initially believed to have been a terrorist operation, until in-depth enquiries attributed them to mere technical glitches.

Notwithstanding this, there is always the lurking suspicion that there could have been a terrorist hand. This is why physical security of vital installations becomes meshed with cyber security. Access control that will prevent a terrorist getting close to a computer remains fundamental to thwarting terrorist designs.

Finally, there is the phenomenon of cell-phones which are a handy tool in the hands of terrorists. During investigation of conventional and terrorist crimes, the huge computerised databases that service providers have at their command have become a valuable aid to investigators. Protecting such databases and expertise in analysing data culled out from them are fundamental tasks.

This is one reason why service providers will have to make huge investments in making the security of their systems nearly invulnerable. No major defects have come to our notice till now. But there cannot be any complacency. I would urge the IT Ministry and the Ministry of Communication to reflect on this so that valuable information stored in the computers of service providers is protected against tampering.

Happenings such as 9/11 and 26/11 highlight the need to educate the average policeman in several areas. Not the least important of them is imparting instruction in the fundamentals of computers, especially how machines can be used by terrorists and other anti-social elements to convey or hide communication.

Indian Police leaders have done their bit. Unlike in the past, a majority of fresh recruits come in with at least a modest background of computer knowledge. This is of great advantage to building a sizeable cadre of cyber crime investigators. This silent revolution is already taking place in many States. I am confident that the momentum in this area will be kept up because there are no signs of an end to terrorism in the near future and there are great expectations from police investigators.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

More Stories on : Security | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Copyright © 2009, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line